now doing this at work, Friday is PhD afternoon though

This commit is contained in:
Robin P. Clark 2013-09-27 15:03:50 +01:00
parent 4ffc0b39d1
commit 8b4760e6d1
4 changed files with 54 additions and 30 deletions

View File

@ -587,7 +587,8 @@ number={2},
@INPROCEEDINGS{FMEAmultiple653556, @INPROCEEDINGS{FMEAmultiple653556,
author={Price, C.J. and Taylor, N.S.}, author={Price, C.J. and Taylor, N.S.},
booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual}, title={FMEA for multiple failures}, booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual},
title={FMEA for multiple failures},
year={1998}, year={1998},
month={jan}, month={jan},
volume={}, volume={},
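Review bot: moving `title` ahead of `booktitle` changes nothing in the rendered bibliography, so this is a cosmetic reorder; while the entry is being touched, the empty `volume={}` field adds nothing and can be dropped.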

View File

@ -892,8 +892,13 @@ failures\footnote{Multiple simultaneous failures are taken to mean failures that
Detection periods are typically determined for the process under control. For instance, for a flame detector in an industrial burner this Detection periods are typically determined for the process under control. For instance, for a flame detector in an industrial burner this
is typically one second.~\cite{en298}}. is typically one second.~\cite{en298}}.
% %
Work has been performed using component failure statistics to Multiple failures may cause the same system level failure (i.e. two separate failures
offer the more likely multiple failures~\cite{FMEAmultiple653556} for analysis. could cause the same system failure, and in combination still cause the same failure), this
can be termed a common failure result.
%
Work has been performed using component failure statistics and logic to
offer selected---by virtue of statistical likelihood and common failure result reduction---multiple failures for analysis
and consideration by an investigating engineer~\cite{FMEAmultiple653556}.
% %
%We now compound the multiple symptoms from one {\bc} {\fm} possibility %We now compound the multiple symptoms from one {\bc} {\fm} possibility
%with the merging of Markov chains. %with the merging of Markov chains.
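Review bot: the new definition of a common failure result is a comma splice: "Multiple failures may cause the same system level failure (...), this can be termed a common failure result." Either close the sentence after the parenthesis and begin "This can be termed ...", or join the two with a semicolon. The parenthetical also states the same thing twice ("could cause the same system failure, and in combination still cause the same failure"); one clause is enough.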
@ -906,7 +911,7 @@ meaning the additional failures might have to be analysed with respect to the ch
%for the the results of an FMEA line of reasoning. %for the the results of an FMEA line of reasoning.
Because multiple failures mean dealing with changed topologies Because multiple failures mean dealing with changed topologies
the objective criteria is additionally complicated with the subjective the objective criteria is additionally complicated with the subjective
adding another layer of complication. adding yet another layer of complication.
% %
% %
Traditional FMEA has the translation from an objective to subjective Traditional FMEA has the translation from an objective to subjective
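Review bot: the unchanged context line "the objective criteria is additionally complicated" pairs a plural noun with a singular verb; write "criteria are" or "criterion is". With "yet another" added, the sentence now reads "is additionally complicated with the subjective adding yet another layer of complication", which uses "complicated" and "complication" in one breath; "the subjective element adds yet another layer" avoids the repetition.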
@ -1137,7 +1142,7 @@ is given in section~\ref{sec:resistortolerance}.
\item \textbf{FMECA - Criticality} Emphasis on minimising the effect of critical systems failing; % Military/Space \item \textbf{FMECA - Criticality} Emphasis on minimising the effect of critical systems failing; % Military/Space
\item \textbf{FMEDA - Statistical Safety} Statistical analysis giving Safety Integrity Levels; \item \textbf{FMEDA - Statistical Safety} Statistical analysis giving Safety Integrity Levels;
\item \textbf{DFMEA - Design or Static/Theoretical} Approval of safety critical systems using FMEA and single or double failure prevention;% EN298/EN230/UL1998 \item \textbf{DFMEA - Design or Static/Theoretical} Approval of safety critical systems using FMEA and single or double failure prevention;% EN298/EN230/UL1998
\item \textbf{SFMEA - Software FMEA --- only used in highly critical systems at present} \item \textbf{SFMEA - Software FMEA} --- Usage not enforced by most current standards~\cite{en298,en230,en61508}. %only used in highly critical systems at present.
\end{itemize} \end{itemize}
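Review bot: the rewritten SFMEA item is now the only entry in the list with "---" after the bold label (the other three use a space and a clause), so the list sets unevenly; either drop the dash or apply the same form to all four items. The new `\cite{en298,en230,en61508}` introduces `en230` as a citation key that appears nowhere else in this patch (only in the trailing `% EN298/EN230/UL1998` comment), so confirm the key exists in the .bib before merging.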
@ -1566,8 +1571,18 @@ for each {\fm},
so that the entry can be more easily reviewed or revisited/audited. % than a traditional FMEA report. so that the entry can be more easily reviewed or revisited/audited. % than a traditional FMEA report.
% %
Because FMEA is traditionally performed with one entry per component {\fm}, full reasoning descriptions Because FMEA is traditionally performed with one entry per component {\fm}, full reasoning descriptions
are rare. are rare.
This means that re-use, review and checking of traditional analysis must often be started from `cold'. %
Another effect on a one entry per failure mode model, is that the terminology
may be inconsistent. Failure symptoms, although being the same at a system level, may be
given different names in the same project.
%
These factors mean that re-use, review and checking of traditional analysis can often be started from `cold'.
%
Work has been performed to assist in incremental FMEA production by use of a software tool
which in conjunction with circuit simulation
and a database of component failure modes (providing consistency in terminology)
speeds up the FMEA process~\cite{incrementalfmea}.
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
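Review bot: `\cite{incrementalfmea}` is a new key, and the only bibliography change in this commit is the reorder of `FMEAmultiple653556`, so the build will report an undefined citation unless `incrementalfmea` (and the other keys first cited in this patch, `automatingFMEA1281774` and `sfmea`) already exist in the .bib. Two grammar points in the added prose: "Another effect on a one entry per failure mode model, is that" has a stray comma before "is", and the sentence "a software tool which in conjunction with circuit simulation and a database ... speeds up the FMEA process" needs commas around the "in conjunction with ..." clause to be readable.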

View File

@ -46,6 +46,7 @@ of the era when FMEA methodologies were invented.
With FMEA it is very difficult to perform %impossibility of performing With FMEA it is very difficult to perform %impossibility of performing
meaningful meaningful
multiple failure analysis~\cite{FMEAmultiple653556,maikowski}. multiple failure analysis~\cite{FMEAmultiple653556,maikowski}.
%
The main reasons for this are that in electronics, each failure The main reasons for this are that in electronics, each failure
can introduce a circuit topology change and state explosion can introduce a circuit topology change and state explosion
means there can be extremely large numbers of double failures to check. means there can be extremely large numbers of double failures to check.
@ -225,7 +226,7 @@ This property is examined in section~\ref{sec:theoreticalperfmodel}.
A comparison complexity order, or reasoning distance, of $O(N^2)$ A comparison complexity order, or reasoning distance, of $O(N^2)$
could be seen as desirable in an automated process such as a search algorithm, could be seen as desirable in an automated process such as a search algorithm,
but here it is a time consuming manual process which but here it is a time consuming manual process which
demands experienced and highly qualified personnel. demands experienced and highly qualified personnel~\cite{automatingFMEA1281774}.
% %
It is therefore desirable to reduce this order further. It is therefore desirable to reduce this order further.
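Review bot: `automatingFMEA1281774` is a citation key not touched by the bibliography hunk in this commit; confirm it exists. In the same sentence, "time consuming manual process" should be hyphenated as "time-consuming" since the compound modifies "process".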
@ -258,7 +259,9 @@ Work has been performed using databases
to track the relationships between variables to track the relationships between variables
and system failure modes~\cite{procsfmeadb}, to %work has been performed to and system failure modes~\cite{procsfmeadb}, to %work has been performed to
introduce automation into the FMEA process~\cite{appswfmea} and to provide code analysis introduce automation into the FMEA process~\cite{appswfmea} and to provide code analysis
automation~\cite{modelsfmea}. Although the SFMEA and hardware FMEAs are performed separately, automation~\cite{modelsfmea}.
%
Although the SFMEA and hardware FMEAs are performed separately,
some schools of thought aim for Fault Tree Analysis (FTA)~\cite{nasafta,nucfta} (top down - deductive) some schools of thought aim for Fault Tree Analysis (FTA)~\cite{nasafta,nucfta} (top down - deductive)
and FMEA (bottom-up inductive) and FMEA (bottom-up inductive)
to be performed on the same system to provide insight into the to be performed on the same system to provide insight into the
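Review bot: breaking the paragraph after "automation~\cite{modelsfmea}." is an improvement, but the "Although" clause that now opens the next sentence does not contrast with its main clause: "Although the SFMEA and hardware FMEAs are performed separately" is about software versus hardware, while the main clause is about FTA and FMEA being applied to the same system. Consider "SFMEA and hardware FMEA are performed separately; however, some schools of thought aim for ...". Hyphenation is also mixed within the sentence: "top down - deductive" against "bottom-up inductive"; "top-down (deductive)" and "bottom-up (inductive)" would match.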
@ -268,11 +271,17 @@ Subtle problems in embedded software are often due to interrupt contention causi
corruption of variables: automated tools to aid the detection of this corruption of variables: automated tools to aid the detection of this
are becoming available~\cite{concurrency_c_tool}. are becoming available~\cite{concurrency_c_tool}.
% %
Work has been performed to parse software, and to map source code statements as edges
and variables as nodes, to form directed acyclic graphs~\cite{sfmea}, where failure mode propagation
can be traced.
%
Although current software FMEA techniques Although current software FMEA techniques
should give a better picture of the failure mode behaviour, should give a better picture of the failure mode behaviour,
they are by no means a rigorous approach to tracing errors that may occur in hardware being followed they are by no means a rigorous approach to tracing errors that may occur in hardware being followed
through to the top (and therefore ultimately controlling) layer of software. through to the top (and therefore ultimately controlling) layer of software.
% %
That is they do not offer an integrated software hardware failure mode model.
%
With the increasing use of micro-controllers in place of much analogue electronics With the increasing use of micro-controllers in place of much analogue electronics
for most new designs of electronic product, the poor software integration capabilities of FMEA for most new designs of electronic product, the poor software integration capabilities of FMEA
are now being seen as deficiencies. are now being seen as deficiencies.
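Review bot: "That is they do not offer an integrated software hardware failure mode model." needs a comma after "That is" and a separator in "software hardware" (software/hardware or software-hardware). In the new DAG sentence, "map source code statements as edges and variables as nodes" is clearer as "map source code statements to edges and variables to nodes"; as written it can be read as mapping both "as" something unstated.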
@ -509,8 +518,10 @@ getting too complicated for meaningful analysis using FMEA.
% %
\subsection{FMEA Criticism: Conclusions.} \subsection{FMEA Criticism: Conclusions.}
%
FMEA is a useful tool for basic safety --- it provides statistics on safety where field data is impractical --- FMEA is a useful tool for basic safety --- it provides statistics on safety where field data is impractical ---
and is good with single failure modes linked to top level events. and is good with single failure modes linked to top level events.
%
FMEA has become part of the safety critical and safety certification industries. FMEA has become part of the safety critical and safety certification industries.
% %
SFMEA is in its infancy, and there are corresponding gaps in SFMEA is in its infancy, and there are corresponding gaps in
@ -529,7 +540,7 @@ with a one step analysis stage.
% \begin{itemize} % \begin{itemize}
% \item Impossible to integrate Software and hardware models, % \item Impossible to integrate Software and hardware models,
% \item State explosion problem exacerbated by increasing complexity due to density of modern electronics, % \item State explosion problem exacerbated by increasing complexity due to density of modern electronics,
% \item Impossible to consider all multiple component failure modes~\cite{FMEAmultiple653556} % \item Impossible to consider all multiple component failure modes~\cite{FMEAmultbbbiple653556}
% \end{itemize} % \end{itemize}
% %
%\subsection{FMEA - Better Methodology - Wish List} %\subsection{FMEA - Better Methodology - Wish List}
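Review bot: the change from `FMEAmultiple653556` to `FMEAmultbbbiple653556` looks like an accidental keystroke ("bbb" inserted mid-word). It sits inside a commented-out `\item`, so it will not break the build today, but it will produce an undefined citation the moment the list is uncommented; revert it.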

View File

@ -2,7 +2,7 @@
\chapter{Detailed FMMD analyses} \chapter{Detailed FMMD analyses}
For clarity the detailed workings of the FMMD analysis stages in many of the examples For clarity the detailed workings of the FMMD analysis stages in many of the examples
in chapter 5 have been moved here for reference. in chapters ~\ref{sec:chap5}~and~\ref{sec:chap6} have been moved here for reference.
\section{Bubba Oscillator FMMD analyses} \section{Bubba Oscillator FMMD analyses}
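Review bot: "chapters ~\ref{sec:chap5}~and~\ref{sec:chap6}" has an ordinary space before the first tie, so LaTeX sets a breakable space followed by an unbreakable one, and "and" is tied on both sides for no reason. Write "chapters~\ref{sec:chap5} and~\ref{sec:chap6}", tying only the word to the number that must not be separated from it.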
@ -105,7 +105,7 @@ $$
\end{tabular} \end{tabular}
\end{table} \end{table}
Collecting symptoms from table~\ref{tbl:bubbalargefg}, the {\dc} $ BubbaOscillator $ is created with the following failure modes: Collecting symptoms from table~\ref{tbl:bubbalargefg}, the {\dc} $ BubbaOscillator $ is created with the following failure modes:
$$ $$
fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc} \} . fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc} \} .
$$ $$
@ -124,7 +124,7 @@ $$
\begin{table}[h+] \begin{table}[h+]
\caption{BUFF45: Failure Mode Effects Analysis} % title of Table \caption{BUFF45: Failure Mode Effects Analysis} % title of Table
\label{tbl:buff45} \label{tbl:buff45}
\centering
\begin{tabular}{|| l | l | c | c | l ||} \hline \begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{BUFF45} & & \textbf{Symptom} \\ %\textbf{Failure Scenario} & & \textbf{BUFF45} & & \textbf{Symptom} \\
% & & & & \\ % & & & & \\
@ -132,8 +132,8 @@ $$
\textbf{cause} & & \textbf{Effect} & & \\ \textbf{cause} & & \textbf{Effect} & & \\
\hline \hline
FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $0\_phaseshift$ \\ FS1: $PHS45_1$ $0\_phaseshift$ & & no phase shift & & $0\_phaseshift$ \\
FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline
%FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $90\_phaseshift$ \\ \hline %FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $90\_phaseshift$ \\ \hline
FS3: $NIBUFF_1$ $L_{up}$ & & output high & & $NO_{signal}$ \\ FS3: $NIBUFF_1$ $L_{up}$ & & output high & & $NO_{signal}$ \\
@ -237,7 +237,7 @@ $$
Collecting symptoms from table~\ref{tbl:phs225amp}, the {\dc} $PHS225AMP $ is created with the following failure modes: Collecting symptoms from table~\ref{tbl:phs225amp}, the {\dc} $PHS225AMP $ is created with the following failure modes:
$$ $$
fm() = \{ 180\_phaseshift, NO\_signal \} . fm(PHS225AMP) = \{ 180\_phaseshift, NO\_signal \} .
$$ $$
\clearpage \clearpage
@ -349,7 +349,7 @@ $$
FS1: $IC2$ $HIGH$ & & output perm. high & & HIGH \\ FS1: $IC2$ $HIGH$ & & output perm. high & & HIGH \\
FS2: $IC2$ $LOW$ & & output perm. low & & LOW \\ FS2: $IC2$ $LOW$ & & output perm. low & & LOW \\
FS3: $IC2$ $NOOP$ & & no current to output & & $NOOP$ \\ FS3: $IC2$ $NOOP$ & & no current to output & & $NOOP$ \\
FS4: $IC2$ $LOW\_SLEW$ & & delay signal & & $LOW\_{SLEW}$ \\ \hline FS4: $IC2$ $LOW\_SLEW$ & & delayed signal & & $LOW\_{SLEW}$ \\ \hline
\end{tabular} \end{tabular}
\end{table} \end{table}
% \hline % \hline
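Review bot: "delayed signal" is the right fix for the FS4 effect. In the same row the symptom column mixes notation: `HIGH` and `LOW` are plain text (upright) while `$NOOP$` and `$LOW\_{SLEW}$` are in math mode (italic), so the column sets in two fonts. Pick one form for the whole table; note also that `$LOW\_{SLEW}$` and the cause column's `$LOW\_SLEW$` are written differently for what renders as the same label.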
@ -382,7 +382,7 @@ $$
\hline \hline \hline \hline
FS1: $PD $ $HIGH$ & & output perm. low & & LOW \\ FS1: $PD $ $HIGH$ & & output perm. low & & LOW \\
FS2: $PD $ $LOW$ & & output perm. low & & HIGH \\ \hline FS2: $PD $ $LOW$ & & output perm. high & & HIGH \\ \hline
\hline \hline
FS3: $IC3$ $HIGH$ & & output perm. high & & HIGH \\ FS3: $IC3$ $HIGH$ & & output perm. high & & HIGH \\
@ -815,13 +815,8 @@ $$
\subsection{ LEDOutput: Failure Mode Effects Analysis } \subsection{ LEDOutput: Failure Mode Effects Analysis }
%
{ {
\tiny \tiny
\begin{table}[h+] \begin{table}[h+]
@ -1017,14 +1012,14 @@ Some standards, notably EN298 only consider most types of resistor as failing in
%FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. %FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses.
% FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011 % FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011
This example This example
compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure. compromises and uses a 9:1 OPEN:SHORT ratio for resistor failure.
% %
Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED
in the other 10\%. in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military specification at A standard fixed film resistor, for use in a benign environment, non military specification at
temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$) temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
hours of operation (see equation \ref{eqn:resistor}). hours of operation (see equation \ref{eqn:resistor}).
In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of In EN61508 terminology, this figure is referred to as a Failure in Time (FIT)\footnote{FIT values are measured as the number of
failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the
FIT number the more reliable the component.}. FIT number the more reliable the component.}.
% %
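Review bot: adding "(FIT)" on first use is right, but the preceding sentence still calls 13.8 failures per 10^9 hours a "probability"; it is a failure rate, which is exactly what a FIT expresses, so "is given a failure rate of 13.8 ..." is the accurate wording. The footnote also capitalises "Billion" where the main text has "billion", and "hours of operation, (roughly 114,000 years)" has a comma before the parenthesis that should go.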
@ -1065,7 +1060,7 @@ Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
\frategloss \frategloss
%Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which %Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which
%presents the FIT values for all single failure modes. %presents the FIT values for all single failure modes.
Using the above table~\ref{tab:stat_single} is presented which lists the FIT values for all single failure modes. Using the above; table~\ref{tab:stat_single} is presented which lists the FIT values for all single failure modes.
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}} %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
\fmmdglossFIT \fmmdglossFIT
% %
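Review bot: the semicolon in "Using the above; table~\ref{tab:stat_single} is presented" separates a dependent phrase from its clause, which is not what a semicolon does; use a comma there and one before "which": "Using the above, table~\ref{tab:stat_single} is presented, which lists the FIT values for all single failure modes."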
@ -1087,6 +1082,7 @@ TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline
\hline \hline
TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\ TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\
TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline
TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline
\hline \hline
\end{tabular} \end{tabular}
\label{tab:stat_single} \label{tab:stat_single}
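Review bot: removing the duplicated TC:6 row is correct, but since the circuit FIT quoted in the next hunk (342.6) is described as the sum over all test cases, check that the total was not computed with the duplicate 12.42 included; if it was, the circuit FIT and the derived MTTF both need revising.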
@ -1098,8 +1094,9 @@ The FIT for the circuit as a whole is the sum of MTTF values for all the
test cases. The Pt100 circuit here has a FIT of 342.6. This is an MTTF of test cases. The Pt100 circuit here has a FIT of 342.6. This is an MTTF of
about $\approx 360$ years per circuit. about $\approx 360$ years per circuit.
% %
A probabilistic tree can now be drawn, with a FIT value for the overall Pt100 A probabilistic tree can now be drawn, see figure~\ref{fig:stat_single}, with a FIT value for the overall Pt100
circuit and FIT values for all its component fault modes. % from which it was calculated. circuit and
FIT values for all its component fault modes. % from which it was calculated.
% %
From this it can be seen that the most likely fault is the thermistor going OPEN. From this it can be seen that the most likely fault is the thermistor going OPEN.
% %
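Review bot: the unchanged context line "The FIT for the circuit as a whole is the sum of MTTF values for all the test cases" is wrong in principle: FIT values (failure rates) add, MTTF values (their reciprocals) do not, so it should read "the sum of FIT values". The MTTF figure also looks off: 1/(342.6 x 10^-9 per hour) is about 2.92 x 10^6 hours, which is roughly 333 years rather than 360, so please re-check the conversion. "about $\approx 360$ years" doubles up "about" and the approximation sign; one or the other. The figure reference added to the probabilistic-tree sentence is fine.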
@ -1145,7 +1142,7 @@ failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{t
The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition, The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition,
requires that resistors $R_1$ and $R_2$ both fail. requires that resistors $R_1$ and $R_2$ both fail.
% %
Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing. Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing simultaneously.
% %
The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour. The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour.
% %
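Review bot: "Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing simultaneously" conflates three different quantities: MTTF is a time, FIT is a rate, and only probabilities over a stated interval can be multiplied. The product of two per-hour rates has units of failures per hour squared, not a rate or an MTTF, so the double-failure figure should be expressed as the probability that both resistors fail within a stated window, for example the one-second detection period given in the footnote earlier in this patch, or a stated mission time. The following line, "12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour", is correct as written.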